Vulnerability Assessment Tools

NetSPI consultants dedicate time and resources to develop open-sourced tool sets that strengthen the infosec community.

Want to see more of our open source projects? Check out our GitHub repositories.

PowerUpSQL

PowerUpSQL supports SQL Server discovery, auditing for common weak configurations, and privilege escalation at scale for internal penetration testing and red team engagements.

Inveigh

Inveigh is a PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.

Inveigh Zero

InveighZero is a C# LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.

MicroBurst

MicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping.

NetSPI SQL Injection Wiki

Our wiki is a comprehensive knowledge base for SQL injection. You’ll find resources on identifying, exploiting, and escalating SQL injection vulnerabilities across database management systems.

PESecurity

PESecurity is a PowerShell script that displays whether images (DLLs and EXEs) are compiled with ASLR, DEP, and SafeSEH.

BurpSuite: Burp Extractor

Burp Extractor is a one-size-fits-all tool that uses regex for extracting data from HTTP responses – such as CSRF tokens, Auth Bearer tokens, timestamps, etc. – to be reused in HTTP requests sent through Burp.

BurpSuite: JSON Beautifier

JSON Beautifier is a Burp Extension for beautifying JSON output, so it is easier to view and modify unparsed JSON strings.

BurpSuite: AWSSigner

AWSSigner looks for the “X-AMZ-Date” header in Burp requests. When it finds such a request, it updates the signature in the request using your access key, secret key, region and service.

BurpSuite: Wsdler

Wsdler is a Burp extension that takes a WSDL request and parses out the operations that are associated with the targeted web service. It then creates SOAP requests which can then be sent to a web service.

Tokenvator

Tokenvator is a .NET tool used to elevate permissions on Windows. It works by impersonating or altering authentication tokens.

WheresMyImplant: A C# Bring-Your-Own-Land toolkit

WheresMyImplant is a tool to gain and maintain access to a target system. It can also be installed as a WMI provider for covert long-term persistence.

SQLC2

SQLC2 is a PowerShell script for deploying and managing a command and control system that uses SQL Server as both the control server and the agent.

goddi (Go Dump Domain Info)

goddi dumps Active Directory domain users, groups, domain controllers, and related information into CSV output, in just a matter of seconds. It runs on both Windows and Linux.

JavaSerialKiller

WebLogic Password Decryptor is a PowerShell and Java tool to decrypt WebLogic passwords and gain access to other systems and Oracle databases.

WebLogicPasswordDecryptor

WebLogic Password Decryptor is a PowerShell and Java tool to decrypt WebLogic passwords and gain access to other systems and Oracle databases.

Invoke-ExternalDomainBruteForce

Invoke-ExternalDomainBruteForce is a bruteforce tool for automated password-guessing on managed and federated domains.

Get-AdDecodedPassword

Get-AdDecodedPassword uses the Active Directory PowerShell Module to query Active Directory and decode UnixUserPassword, UserPassword, unicodePwd, or msSFU30Password fields.

GET-MSSQLALLCredentials

GET-MSSQLALLCredentials is a PowerShell tool to identify all MSSQL instances on a server, determine the encryption algorithm and automate credential password decryption.

DAFT: Database Audit Framework & Toolkit

DAFT is a MSSQL database auditing and assessment tool written in C# that can identify non-default databases and database tables, search for sensitive data by keyword and execute SQL commands.

PowerSkype

PowerSkype is a PowerShell tool to attack federated Skype for Business instances that allows you to validate email addresses, get Skype availability, send phishing messages and more.

Invoke-TheHash

Invoke-TheHash is a PowerShell tool for pass-the-hash WMI and SMB tasks. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol.

TellMeYourSecrets

TellMeYourSecrets is a C# DLL to dump LSA secrets.

Powermad

Powermad is a collection of PowerShell MachineAccountQuota and DNS exploit tools to launch man-in-the-middle attacks.
